OPNsense Forum

English Forums => Virtual private networks => Topic started by: SimHat on March 28, 2023, 10:59:52 PM

Title: [Solved] OpenVPN Access to Internal Resources via DNS Name
Post by: SimHat on March 28, 2023, 10:59:52 PM
Brief setup overview:
I have an OpenVPN setup that is working. I can access tunneled resources via IP without issue.
I'm using Dynamic DNS to translate my external IP to a DNS name.
I'm using NAT reflection so my LAN clients can access the LAN resources by DNS name.
I'm using Unbound DNS for all LAN and VPN clients.
All VPN traffic is forced through the tunnel.  No split tunneling.

Problem:
VPN users are not able to access LAN resources by the DNS name.

I'm not sure if this is a firewall rule I need to set or a NAT setting that needs to be changed.
I'm sure this has been covered before, but I was having a tough time searching.
Title: Re: OpenVPN Access to Internal Resources via DNS Name
Post by: ZidooNewbie22 on April 10, 2023, 11:29:09 PM
Hi @SimHat,

I am looking for a solution for the very same problem as you have.
Other threads related to that topic I found are:
https://forum.opnsense.org/index.php?topic=26694.0
https://forum.opnsense.org/index.php?topic=25868.0
https://forum.opnsense.org/index.php?topic=32006.0
None of them had a solution documented for this topic.

So in case it helps to debug or support with this, attached you can find screenshots of my rules and NAT configuration.

One remark: I disabled the WAN rules that support port forwarding to the reverse proxy, since I want to allow access to it only from within the LAN or via OpenVPN, but not from the internet.

Thanks in advance,

(https://forum.opnsense.org/index.php?action=dlattach;topic=33283.0;attach=27025)
(https://forum.opnsense.org/index.php?action=dlattach;topic=33283.0;attach=27019)
(https://forum.opnsense.org/index.php?action=dlattach;topic=33283.0;attach=27021)
(https://forum.opnsense.org/index.php?action=dlattach;topic=33283.0;attach=27023)
Title: Re: OpenVPN Access to Internal Resources via DNS Name
Post by: SimHat on May 16, 2023, 08:20:34 PM
I was making this way harder than it needed to be.
I was able to resolve the issue by simply adding the OpenVPN interface to all the existing NAT rules that I wanted to use.